-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User can correctly login into dashboard, but app won't fetch any data from the openBalena server. #2
Comments
@saveriogzz when you say that So back to your issue, if you installed |
@saveriogzz just checking in, were you able to resolve this issue? |
hey @dcaputo-harmoni , sorry the late answer and thanks for checking in!
Running Thanks again 🍻 |
OK, so if I'm understanding your setup correctly, you are running |
Thanks @dcaputo-harmoni ! I was not thinking about CNAMES... dumb of me! I will set them up and keep you posted here! |
hey! I made the CNAMEs list added with the values
But I still get a |
@saveriogzz can you access it via the public IP of the admin server directly? |
It's indeed not publicly exposed, but I should be able to reach it when using the VPN! |
What happens when you are connected to the VPN and you try to access the IP (not the hostname) directly via your browser on port 8080? Can you ping the IP? |
I have been having the same issue with the 503 service unavailable. open-balena-admin is running on the same remote host (EC2) as open-balena. My fix was that I had to set custom TCP rules for inbound traffic on 8080, 8000, and 10000-10009. |
Could you share how to set these rules using an example? |
Sure thing.
As long as your A and CNAME routes are set up correctly you should be able to go to |
Hi @dcaputo-harmoni I can access |
Hi @sajid-mulytic, if you are using docker-compose to run it, there is no pre baked way to access via HTTPS. However if you deploy using the included helm / K8S scripts, there is a SSL ingress controller that will handle this for you. I suspect this would be a feature that others would be interested in if you want to take a stab at modifying the build script to include a secure option which modifies the services.yml file and submit a PR. |
Hi @dcaputo-harmoni, thanks for your suggestion. I do not have that much knowledge about Kubernetes at this moment. So, I am sticking with HTTP for now. Also, I will give it a try to modify the services.yml as you mentioned. |
Hi @sajid-mulytic if you also have port 80 available (at least once) on your openbalena-admin host, I'd recommend using Caddy (or some other reverse proxy which can obtain the needed certificate for HTTPS automatically). For this I'd recommend taking a look at a reverse proxy like caddy-docker-proxy The easiest thing for providing HTTP to the outside world is a reverse proxy which accepts the HTTPS connections from the outside world (of course with a valid certificate for the used HTTPS address) and forwards to connection(s) to the respective container(s). Caddy is one of the may tools for this. It's light-weight and serves public DNS names over HTTPS using certificates from a public ACME CA such as Let's Encrypt or ZeroSSL:
then sites will be served over HTTPS automatically. It just works. In the simplest case (only one domain to be served) it would be is as easy as:
You can just try this line after installng Caddy it's go, so just one static binary, (I didn't know about this) or you can run as a service using docker, which is very powerful: https://github.com/lucaslorentz/caddy-docker-proxy does this as a separate docker service and you use it as the central arrival location for all HTTPS:443 connections on your host (not just one service to be provided over HTTPS, but any docker service you want) While you need to make a very tiny modification to the caddy-docker-proxy uses a common docker network called You run version: '3.7'
services:
open-balena-ui:
image: open-balena-ui-image-url
networks:
- caddy
labels:
caddy: whoami.example.com
caddy.reverse_proxy: "{{upstreams 8080}}"
networks:
caddy:
external: true These lines will cause that the open-balena-ui service is on the docker network |
Hi, |
hey @dcaputo-harmoni , I was able to start up the admin and open it up on my local machine at http://localhost:8080/. However, the admin is not fetching anything from the openBalena server!
Is there perhaps something I am overlooking?
Summary of my configuration
Thanks!!
The text was updated successfully, but these errors were encountered: